<?php
/**
 * LDAP
 * LDAP访问
 *
 * 通过LDAP访问实现域验证
 * @author jiaoba@taobao.com
 * @version 1.0
 */
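class Ldap
{
    const ERROR_NONE = 0;
    const ERROR_BIND = 1;
    const ERROR_CONNECT = 2;

    /**
     * DN fragment => domain label. Checked in this order; the first fragment
     * found in an entry's DN decides the label.
     *
     * NOTE(review): this is a plain substring test, so 'DC=hz' also matches a
     * component such as 'DC=hzfoo' -- confirm that is acceptable for the
     * directories in use.
     */
    private static $_domainMap = array(
        'DC=hz'     => 'hz',
        'DC=taobao' => 'taobao-hz',
        'DC=yahoo'  => 'yahoo-bj',
        'DC=alipay' => 'alipay',
    );

    private $_host;
    private $_port;
    private $_base;
    private $_username;
    private $_password;
    private $_dn;

    /** One of the ERROR_* constants; describes the outcome of the last search(). */
    public $errorCode;

    /**
     * Stores the bind credentials and reads host, port and search base from
     * the application's 'ldap' parameters.
     *
     * @param string $username identity used for the LDAP bind
     * @param string $password password used for the LDAP bind
     */
    public function __construct($username, $password)
    {
        $this->_username = $username;
        $this->_password = $password;

        $ldapConfig = Yii::app()->params['ldap'];
        $this->_host = $ldapConfig['host'];
        $this->_port = $ldapConfig['port'];
        $this->_base = $ldapConfig['base'];
        $this->_dn   = $username;

        $this->errorCode = self::ERROR_NONE;
    }

    /**
     * Binds with the stored credentials, looks the user up by sAMAccountName
     * and returns a Users object for the first entry whose DN maps to $domain.
     *
     * Failure is reported through $errorCode: ERROR_CONNECT when the server
     * cannot be reached, ERROR_BIND when the credentials are rejected. A
     * search that finds no matching entry returns null with ERROR_NONE.
     *
     * An empty bind name or password is rejected before any network traffic:
     * LDAP servers may treat such a simple bind as an anonymous or
     * unauthenticated bind and report success, which would let a caller pass
     * this check without knowing the password.
     *
     * NOTE(review): no ldap_start_tls() is issued here, so whether the bind
     * password is encrypted in transit depends on the configured host (for
     * example an ldaps:// URI) -- confirm against the deployment.
     *
     * @param string $domain   domain label the entry must belong to
     * @param string $username account name to look up
     * @return Users|null populated user on success, null otherwise
     */
    public function search($domain, $username)
    {
        // Do not let a previous call's failure leak into this result.
        $this->errorCode = self::ERROR_NONE;

        if ((string) $this->_username === '' || (string) $this->_password === '')
        {
            $this->errorCode = self::ERROR_BIND;
            return null;
        }

        $conn = @ldap_connect($this->_host, $this->_port);
        if (!$conn)
        {
            // Passing false on to ldap_bind() is a TypeError on PHP 8.
            $this->errorCode = self::ERROR_CONNECT;
            return null;
        }

        $user = null;
        // ldap_connect() may only initialise the handle, so the anonymous bind
        // is the reachability probe. NOTE(review): a server that refuses
        // anonymous binds is therefore reported as ERROR_CONNECT.
        if (!@ldap_bind($conn))
        {
            $this->errorCode = self::ERROR_CONNECT;
        }
        elseif (!@ldap_bind($conn, $this->_username, $this->_password))
        {
            $this->errorCode = self::ERROR_BIND;
        }
        else
        {
            $user = $this->_findUser($conn, $domain, $username);
        }

        @ldap_close($conn);
        return $user;
    }

    /**
     * Runs the directory search on an already bound connection.
     */
    private function _findUser($conn, $domain, $username)
    {
        // The account name is caller-supplied; escape it so characters such as
        // '*', '(' and ')' cannot change the meaning of the filter.
        $filter = '(sAMAccountName=' . $this->_escapeFilterValue($username) . ')';

        $result = @ldap_search($conn, $this->_base, $filter);
        if (!$result)
        {
            return null;
        }

        $entries = @ldap_get_entries($conn, $result);
        if (!is_array($entries) || empty($entries['count']))
        {
            return null;
        }

        $wanted = (string) $domain;
        // Index by position: the result array also carries a 'count' key that
        // is not an entry and must not be treated as one.
        for ($i = 0; $i < $entries['count']; $i++)
        {
            $entry = $entries[$i];
            $entryDomain = $this->_domainFromDn(isset($entry['dn']) ? $entry['dn'] : '');

            // An entry outside every known domain never matches, and the
            // comparison is strict so a loosely-equal $domain cannot match.
            if ($entryDomain === '' || $entryDomain !== $wanted)
            {
                continue;
            }

            $displayName = isset($entry['displayname'][0]) ? $entry['displayname'][0] : '';
            $realname = iconv('gbk', 'utf-8', $displayName);

            $user = new Users();
            $user->username = $username;
            // Keep the raw value if the GBK conversion fails.
            $user->realname = ($realname === false) ? $displayName : $realname;
            $user->email    = isset($entry['mail'][0]) ? $entry['mail'][0] : null;
            return $user;
        }

        return null;
    }

    /**
     * Maps an entry DN to a domain label, or '' when no known fragment occurs
     * after the first character of the DN.
     */
    private function _domainFromDn($dn)
    {
        foreach (self::$_domainMap as $fragment => $label)
        {
            if (strpos((string) $dn, $fragment) > 0)
            {
                return $label;
            }
        }
        return '';
    }

    /**
     * Escapes a value for use inside an LDAP search filter.
     */
    private function _escapeFilterValue($value)
    {
        $value = (string) $value;
        if (function_exists('ldap_escape'))
        {
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
        }

        // Fallback for runtimes without ldap_escape(): the backslash is
        // replaced first so the escapes added afterwards are not re-escaped.
        return str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $value
        );
    }
}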
?>
